Privilege Escalation via Account Takeover on NodeBB Forum Software (512$)

InfoSec Write-ups – Medium–

Hello Guys !

I hope you are all doing well. ✌️

About a month ago, I told you that I had found an Account Takeover vulnerability in a web application, as in the screenshot below. Now that the vulnerable web application has been patched, I can share with you how I found the vulnerability.

This is my first bug bounty write-up, so I am writing about a P1-qualified vulnerability.

Let's talk about it.

While testing the NodeBB forum software, I found that the password of any user account could be changed.

Now I will tell you the steps to exploit this vulnerability.

1. First of all, determine the “admin” user's uid. I tried numbers in the place marked with an asterisk (*) in the screenshot and found that the uid value of the admin account is 1.

2. I created a user named “testuser1” for myself.

3. I went to the password change page from my user profile and entered my current password in the first box. Then I wrote the new password I wanted in the second and third boxes.

4. Then, before pressing the submit button, I opened Burp Suite, which has a proxy option, replaced the uid value in the request with 1 (the uid value of the admin user), and sent the request.

5. I wrote “admin” in the username box and the password I set in step 3 in the password box.

6. Thus, I obtained the “admin” user's account.

Thanks to this vulnerability I found in NodeBB, I was awarded a prize of 512 dollars. 🏆🏆🏆

You can click the link below to view the NodeBB Forum Software’s Hall of Fame list.

Below is the link to the GitHub page, which shows that the vulnerability has been fixed.

I hope you learn something from it, and if so, give me a high five. ✋

Thank you for reading my article. You can reach me at the links below.

Healthy days ! 😷

Privilege Escalation via Account Takeover on NodeBB Forum Software (512$) was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
